Public Cloud Security: Minimizing the Risk of Misconfigurations
As a channel partner, public cloud security should be a top priority – after all, it’s not just your own cloud environment that needs to be protected, but also your customers’.
To help partners navigate the ins and outs of managing public cloud security and compliance, we’re running a three-part article series to share best practices and key considerations for a public cloud security strategy.
In part 1, we explored shared responsibility models and channel partners’ duties for fulfilling their responsibility for strong security in the cloud. Here in part 2, we’ll focus on the common problem of cloud misconfigurations, including the risks they can pose by leaving cloud data open to cybercriminals, and how partners can shut down these accidental exposures.
Misconfigurations Leave the Back Door Open to Cybercriminals
Nearly every organization offers some form of value to a cybercriminal. And while many organizations today are targeted based on their financial value or industry sector, it isn’t as clear cut in the cloud.
An organization’s cloud security posture can often become the deciding factor when it comes to how attackers choose their entry methods or zone in on weak points. Think of the cloud like a building with multiple windows and doors – in other words, multiple potential access points for someone, or something, to get in and out. For example, a misconfigured route table on an organization’s firewall could leave the window wide open. Or, virtual machines running private server workloads or hosting sensitive data could suddenly become accessible via the Internet.
According to Sophos’ State of Cloud Security report – which surveyed more than 3,000 IT managers in 26 countries who are using the public cloud – misconfigurations that leave back doors open to attackers are affecting organizations globally. Security gaps in misconfigurations were exploited in two thirds (66%) of attacks in 2020, either through attackers exploiting a flaw in the web application firewall to access account credentials (44%), or attackers taking advantage of a misconfigured resource (22%).
As organizations start to introduce new cloud services, the potential for misconfiguration only increases, which consequently expands an organization’s attack surface. A review of cloud accounts by the Sophos Public Cloud Security team discovered that accidental data exposure through misconfigured storage services can have serious implications for data security, considering 60% of organizations leave cloud data unencrypted.
Encryption is critical to stop cybercriminals from seeing stored information and is a requirement for many compliance and security best-practice standards. Misconfiguring cloud services in “public mode” – a setting that can be applied to databases, shared storage and other cloud services – is a major cause of data breaches, as it allows cybercriminals to automate their searches for weak points in security.
How to Prevent A Cloud Misconfiguration Breach
Moving workloads to the cloud offers tremendous benefits to organizations of all sizes, but channel partners must put the right guardrails in place to prevent a cloud-misconfiguration breach:
- Start with the assumption that attackers will find cloud assets. Accurate visibility of cloud services is the only way to guarantee they are configured securely and protected against threats.
- Continually monitor cloud resource configurations. Proactive monitoring of configurations can significantly reduce the likelihood of breaches.
- Deploy layered defense. Cybercriminals use a range of techniques to get around defenses. They will commonly try several approaches until they find a weakness that can be exploited. Make sure to defend against all possible vectors of attack.
Protection from the latest generation of public cloud cyberattacks requires advanced protection technologies. Sophos Cloud Optix provides detection and response in the public cloud, by continually monitoring cloud infrastructure configurations to detect insecure deployments, suspicious access events, over-privileged IAM roles, unusual network traffic, and sudden spikes in cloud spend. Its guardrails lock down configurations to stop accidental or malicious changes that could impact security posture, for both channel partners and the customers they have a duty to protect.